Giving Consumers Data Control Under the GDPR
The General Data Protection Regulation (GDPR) is going into effect on May 25, 2018. A privacy law approved by the European Commission, it will affect not only those within the EU, but any company that deals with the data of EU citizens and residents.
With this new regulation, consumers are given more control over the ways that their data is used. This means many businesses will need to upgrade the ways they manage and obtain consent for utilizing data.
Obtaining Consumers’ Consent
The conditions for obtaining consent are stricter under the GDPR, as the individual must have the right to withdraw consent at any time. In addition, there is a presumption that consent will not be valid unless separate consents are obtained for different processing activities. This means you have to provide proof that the consumer agreed to a certain action. Keep in mind that:
- Consent must be specific to each use and/or processing activity, and separate from registration terms and conditions;
- Silence, pre-ticked boxes, or inactivity do not constitute consent; your consumers must explicitly opt in to the storage, use, and processing of their personal data;
- In the event that services are provided to children (below the age of 16 years), personal data processing will be lawful only if consent is given by parents.
Providing Data Management Rights to Consumers
The GDPR provides your consumers with the right to manage their personal data in your system and delete it at any point in time. It is your obligation to ensure you provide these rights to consumers:
- The right to be forgotten: The consumer may request that an organization delete all of his or her personal data without undue delay;
- The right to object: The consumer may prohibit certain data uses;
- The right to rectification: The consumer may request that incomplete data on his or her profile be completed or that incorrect data be corrected;
- The right of access: The consumer has the right to know what data about him or her is being processed and how;
- The right of portability: The consumer may download his or her personal data held by one organization and transport it to another.
To learn more about the different processes and strategies to put into place, check out our guide, “Are You Ready for the GDPR?” to navigate the new requirements.